Best Practices
We share our best practices to help every visitor to become a better dev.
(Un)signed commits: how we found a (non) security bug in GitHub
When you build an entire software around someone else API, you tend to know everything about it. We made Mergify [https://mergify.io] on top of GitHub API, and it's hard to describe how well we understand its API. From its fabulous and beloved features to its most
Why Deciding Fast Is a Winning Strategy
If you're a video gamer and think you're not up to the task of launching a startup, think twice. At Mergify, we've been heavy video game players for the last couple of decades, and we think differently. Here's one thing we learned
Cycle detection in PostgreSQL
A few months ago, we decided to build a referral program for Mergify [https://mergify.io]. This is a well-known, classical way of bringing more people on your product. To build this program, we add to define a data model that allowed us to store a list of referrers and
Debugging Dependabot nonworking Security Updates
Running a project requires good security practice and management. Handling the security of software passes through holding the safety of its dependencies. GitHub's answers to that have been to provide a service named Dependabot [https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates] that sends security updates to your
Randomly Request Reviews from Your Team
Requesting reviews on a pull request is a standard part of the workflow of most teams. However, there are a few subtleties to what may sound very basic. When assigning a pull request to a team rather than individuals, the pull request might get stuck forever. The diffusion of responsibility
Posting Custom Checks on Pull Requests
Today, we're happy to announce a new feature that just landed in Mergify. You can now use the post_check action to post your custom checks into your pull requests. If you never heard of those, checks are statuses posted at the bottom of a pull request near
Handling European VAT with Stripe
You might have never noticed our accent, but Mergify is registered in the country where cheese is king: France. This has a myriad of implications and a pretty famous one among our peers selling digital services: companies registered in the European Union have to comply with the value-added tax for
Dealing Faster with Conflicting Pull Requests
While we all have a different way of managing our GitHub workflow, we all have to deal with one annoying thing: conflict. When a pull request modifies a file that has been modified in the meantime, GitHub shows you the famous Resolve conflicts button. This indicates the pull request cannot
Selecting your Bot Account
New Mergify users might wonder what hides behind this cryptic title. Do not fear: I am sure you're going to like it. Before jumping into the feature presentation — which ought to be short as it's a simple variable in your configuration — you need to understand the
GitHub CODEOWNERS on steroids
For the last few years, GitHub has supported a feature named CODEOWNERS [https://help.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners] . If you never heard of it, it’s a file that you can put in your repository, and that will make GitHub assigned pull request reviews to users or teams.
Batching queries with GraphQL
GraphQL has seen a booming growth over the last years. A large number of API providers are switching to this new paradigm of querying data on the Web. At Mergify [https://mergify.io], we’re no exception. To implement our automation engine, we’re heavy users of the GitHub API
Managing your GitHub pull request from the command line
At Mergify, we love providing the best tools for developers. Like many software engineers out there, we leverage GitHub to collaborate. After all, that’s how we started this! The GitHub pull request model is nice, but usually requires a lot of manual steps: 1. Forking the repository by clicking